I have an Azure Application Gateway (let's say example.com), behind which I have a few Azure App Services (example1.com, example2.com, etc.).
I am using python-social-auth to authenticate my Django app. The issue is that when I click login from example.com, and it forwards that request to example1.com, the login request happens from example1.com.
If I specify OAuth callback addresses as
example.com/complete/azuread-oauth2,
example1.com/complete/azuread-oauth2, and
example2.com/complete/azuread-oauth2,
it doesn't work, social auth gives me the error:
raise AuthStateForbidden(self)
social_core.exceptions.AuthStateForbidden: Wrong state parameter given.
This might be because of the referrer site being example.com, but the actual request going from example1.com, though I am not sure. Is there any way to fix it so that the redirection doesn't happen to example1.com, and I can hide example1.com behind example.com?
The python-social-auth Django strategy uses request.build_absolute_uri(...), which depends on request.get_host(...) in order to retrieve the current host the URL should point to.
When your setup is behind a proxy (or behaves like one), you need to ensure that the destination server knows the originating host in order to build the proper URL. Check the get_host() documentation; it lists the different options that must be set to make that possible.
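To make the answer concrete, here is an added example (not code from the answerer, Django or python-social-auth) that models in plain Python how Django's request.get_host() and request.build_absolute_uri() choose the host and scheme for the redirect_uri, using the settings the get_host() documentation points to: ALLOWED_HOSTS, USE_X_FORWARDED_HOST, USE_X_FORWARDED_PORT and SECURE_PROXY_SSL_HEADER. It runs without Django installed. The host names, the callback path and the assumption that the proxy forwards the original host in X-Forwarded-Host are constructed for the illustration; Azure Application Gateway inserts the original host as X-Original-Host instead, so a header rewrite rule on the gateway (or a small middleware copying it into HTTP_X_FORWARDED_HOST) is needed before Django can see it.

```python
"""Constructed model of how Django resolves the request host behind a proxy.

Added example for this answer, not Django's or python-social-auth's source. It
mirrors the documented behaviour of get_host()/build_absolute_uri() for the
settings ALLOWED_HOSTS, USE_X_FORWARDED_HOST, USE_X_FORWARDED_PORT and
SECURE_PROXY_SSL_HEADER. Host names, header values and the callback path are
assumptions; IPv6 host handling is omitted.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class DisallowedHost(Exception):
    """Raised, as in Django, when the resolved host is not in ALLOWED_HOSTS."""


@dataclass
class Settings:
    ALLOWED_HOSTS: List[str] = field(default_factory=list)
    USE_X_FORWARDED_HOST: bool = False
    USE_X_FORWARDED_PORT: bool = False
    # (META key, value) that marks the original request as HTTPS, e.g.
    # ("HTTP_X_FORWARDED_PROTO", "https"). None: trust wsgi.url_scheme only.
    SECURE_PROXY_SSL_HEADER: Optional[Tuple[str, str]] = None


def _host_allowed(domain: str, patterns: List[str]) -> bool:
    """Django's ALLOWED_HOSTS rules: '*' matches everything, '.example.com'
    matches the domain and its subdomains, anything else must match exactly."""
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern == "*":
            return True
        if pattern.startswith("."):
            if domain == pattern[1:] or domain.endswith(pattern):
                return True
        elif domain == pattern:
            return True
    return False


def get_port(meta: dict, settings: Settings) -> str:
    if settings.USE_X_FORWARDED_PORT and "HTTP_X_FORWARDED_PORT" in meta:
        return meta["HTTP_X_FORWARDED_PORT"]
    return meta["SERVER_PORT"]


def get_host(meta: dict, settings: Settings) -> str:
    """The forwarded host is used only when USE_X_FORWARDED_HOST is on;
    otherwise the Host header the backend itself received wins. Whatever is
    picked is then validated against ALLOWED_HOSTS."""
    if settings.USE_X_FORWARDED_HOST and "HTTP_X_FORWARDED_HOST" in meta:
        # Chained proxies append values; Django keeps the first (original) one.
        host = meta["HTTP_X_FORWARDED_HOST"].split(",")[0].strip()
    elif "HTTP_HOST" in meta:
        host = meta["HTTP_HOST"]
    else:
        host = meta["SERVER_NAME"]
        port = get_port(meta, settings)
        if port != ("443" if meta.get("wsgi.url_scheme") == "https" else "80"):
            host = "%s:%s" % (host, port)
    domain = host.rsplit(":", 1)[0].lower()
    if not _host_allowed(domain, settings.ALLOWED_HOSTS):
        raise DisallowedHost("Invalid HTTP_HOST header: %r" % host)
    return host


def scheme(meta: dict, settings: Settings) -> str:
    """'https' if the trusted proxy header says so, else what the WSGI server saw."""
    if settings.SECURE_PROXY_SSL_HEADER:
        header, value = settings.SECURE_PROXY_SSL_HEADER
        if meta.get(header, "").split(",")[0].strip() == value:
            return "https"
    return meta.get("wsgi.url_scheme", "http")


def build_absolute_uri(meta: dict, settings: Settings, path: str) -> str:
    return "%s://%s%s" % (scheme(meta, settings), get_host(meta, settings), path)


# Callback path of the question's azuread-oauth2 backend (assumed trailing slash).
CALLBACK_PATH = "/complete/azuread-oauth2/"

# Constructed WSGI environ as the App Service (example1.com) sees a request that
# the gateway (example.com) received over TLS and forwarded with a rewritten Host.
BACKEND_META = {
    "HTTP_HOST": "example1.com",
    "HTTP_X_FORWARDED_HOST": "example.com",
    "HTTP_X_FORWARDED_PROTO": "https",
    "SERVER_NAME": "example1.com",
    "SERVER_PORT": "80",
    "wsgi.url_scheme": "http",
}

# Forwarded headers ignored: redirect_uri is built for the backend host, so the
# browser is sent back to example1.com, not to the host where the login started.
DEFAULT_SETTINGS = Settings(ALLOWED_HOSTS=["example.com", "example1.com", "example2.com"])

# Proxy-aware: honour the forwarded host and proto. Only do this when the app is
# reachable exclusively through the proxy, since clients can set these headers too.
PROXY_AWARE_SETTINGS = Settings(
    ALLOWED_HOSTS=["example.com", "example1.com", "example2.com"],
    USE_X_FORWARDED_HOST=True,
    SECURE_PROXY_SSL_HEADER=("HTTP_X_FORWARDED_PROTO", "https"),
)


def redirect_uri_for(meta: dict, settings: Settings) -> str:
    """The redirect_uri python-social-auth would build for this request."""
    return build_absolute_uri(meta, settings, CALLBACK_PATH)


if __name__ == "__main__":
    print("default:     ", redirect_uri_for(BACKEND_META, DEFAULT_SETTINGS))
    print("proxy-aware: ", redirect_uri_for(BACKEND_META, PROXY_AWARE_SETTINGS))
```

Running the file prints `http://example1.com/complete/azuread-oauth2/` for the default settings and `https://example.com/complete/azuread-oauth2/` once the forwarded host and proto are trusted, which is the difference the answer is describing. Note that the public host has to be in ALLOWED_HOSTS as well, otherwise get_host() raises DisallowedHost as soon as USE_X_FORWARDED_HOST is switched on.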